This is a malicious application that eavesdrops on users, please check your phone and remove it immediately

This application is hidden inside some applications on Google Play, once installed, it will try to hide on the victim's device with a gear icon, making users mistakenly believe that this is part of the system.

According to Lab52, this malicious code was previously linked to Turla, a famous hacker group believed to be supported by the Russian state. This group specializes in using custom malware to target European and American systems, mainly for espionage.

This is a malicious application that eavesdrops on users, please check your phone and remove it immediately Picture 1

This is a malicious application that eavesdrops on users, please check your phone and remove it immediately Picture 2

After being installed and granted system permissions, the application will steal the victim's data, eavesdrop and track the user's location.

On first launch, this malicious app will claim access to location, network status, camera, contacts, external storage, call logs, Foreground service, messages, recordings. . to collect the device's location, send and read texts, access memory, take photos/videos with the camera, and record audio.

After being granted the above permissions, this spyware will remove the icon from the screen and silently run in the background making it very difficult for users to detect.

This is a malicious application that eavesdrops on users, please check your phone and remove it immediately Picture 3

This malware was discovered lurking in the Roz Dhan: Earn Wallet cash app on the Google Play Store.

If you have installed it by mistake, please remove this application immediately by going to Settings -> Apps -> Manage apps, find the malicious application name - > click Uninstall.

Lesley Montoya

Update 06 April 2022